
Is it Phishing?

Attempts to gain access to one’s account information, known as phishing, have increased dramatically with the increased use of cloud resources. It is often difficult to tell the difference between a legitimate notice and an email that is phishing for your account information. To read more about what phishing is, see "What is Phishing?" below.

It used to be that you could judge the validity of a message simply by reviewing its grammar. Now a more critical eye is needed.

Recent Example

Below is a sample of a phishing attempt that recently spread across campus. As you can see, it seems fairly legitimate until you put it through the three-step test.

Three Quick Checks

Below are three quick checks you can perform to help judge the validity of a message regarding your Albion Account.

What are the From: and To: fields? If they are the same, or you are not the only recipient, you should be skeptical. Information Technology communicates only with individual users about their account credentials; we will not send out bulk email about one's account.

Is there a link in the message that points somewhere other than the identified URL? If so, it is most likely a phishing attempt. The URL of the Albion Password Change Form is https://www.albion.edu/it/pwman and is the only page we would direct you to use to handle an account password issue.

Is the message signed generically, or is it sent by an individual that you know? When handling issues regarding Albion account information, you will be contacted directly by Information Technology, and we will always sign the message from a particular staff person.

If you receive a message about your Albion Account from anyone not known to be in Information Technology, you should question the validity of the message.

It is also common practice when we send you a message about your account to provide an alternative contact method, normally calling the Help Desk at (517) 629-0479, to confirm the accuracy of the information. Messages without alternative contact information should be handled with suspicion.
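The checks above can also be run over a raw message automatically. The script below is an added example, not Information Technology's own tooling: it covers the From:/To: check, the link check and the Help Desk number, and leaves the signature check to the reader. The `quick_checks` name, the warning labels and the sample message are assumptions made for the illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_FORM = "https://www.albion.edu/it/pwman"  # URL stated on this page
HELP_DESK = "(517) 629-0479"                       # number stated on this page

class Links(HTMLParser):  # collects [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.found, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"

def quick_checks(raw):
    """Return the warnings a raw message raises (empty list = none)."""
    msg = message_from_string(raw, policy=policy.default)
    def addrs(*names):
        return {a.lower() for n in names
                for _, a in getaddresses(msg.get_all(n, []))}
    rcpts, warn = addrs("To", "Cc"), []
    if addrs("From") & rcpts:
        warn.append("from-equals-to")
    if len(rcpts) != 1:
        warn.append("not-sole-recipient")
    part = msg.get_body(("html", "plain"))
    body = part.get_content() if part else ""
    parser = Links()
    parser.feed(body)
    for href, text in parser.found:
        shown = urlsplit(text.strip()).netloc.lower()
        if shown and shown != urlsplit(href).netloc.lower():
            warn.append("link-text-mismatch")      # shown URL vs. real target
        if href.rstrip("/") != OFFICIAL_FORM:
            warn.append("link-not-official-form")
    if HELP_DESK not in body:
        warn.append("no-help-desk-number")
    return warn

# Constructed sample; the addresses and the login.example.net host are made up.
SAMPLE = ("From: it@example.com\nTo: it@example.com\nContent-Type: text/html\n\n"
          '<a href="https://login.example.net/pw">https://www.albion.edu/it/pwman</a>')
```

`quick_checks(SAMPLE)` raises four warnings. A message that passes all of them can still be phishing, so the signature and sender still need a human look.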

What to Do?

When you determine a message is phishing, the best course of action is to report it as phishing within Gmail. This will decrease the chances of the message landing in others’ inboxes.

If you are a victim of a phishing attack and provide your account information, the first step is to change your password. The page you need to visit to change your e-mail password is: https://accounts.google.com/EditPasswd. Changing your password terminates the access gained through a phishing attack.

As always, should you have questions about phishing or how to more safely navigate this cloud-based world, please contact the Help Desk.

What is Phishing?

Phishing occurs when someone attempts to use electronic communication such as email to fraudulently acquire confidential information such as your password by pretending to be a trusted person or part of a trusted group.

How does phishing work?

Phishing is a form of social engineering, the art of manipulating people into sharing confidential information or performing a desired action. Phishing attacks are commonly transmitted via email and social network sites like Facebook and Twitter.

How will they encourage me to share my information?

Phishers typically present a plausible scenario and often take advantage of the recipient’s fear, greed or lust. They also often present a sense of urgency. Examples include messages that:

Tell you that your account was misused by you and will be disabled

Tell you that your account was compromised and will be disabled

Tell you that your Mailbox has reached its limit and will be disabled

What might the phisher ask for?

Your password

Account number, card number, PIN, access code

Personally identifiable information like your date of birth, Social Security number or address